CVE-2013-6272

Published: 02/05/2018 Updated: 12/06/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 up to and including 4.4.2 allows malicious users to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send MMI or USSD codes, or hang up ongoing calls via a crafted application.

Vulnerable Product

google android

Recent Articles

App permissions? Pah! Rogue Android soft can 'place phone calls at will'
The Register • Neil McAllister in San Francisco • 07 Jul 2014

Bugs found in most 'droid versions render security controls useless – new claim

Researchers at German security firm Curesec have identified bugs present in most versions of Android that can allow malicious applications to place phone calls, even when they lack the necessary permissions. By exploiting these vulnerabilities, rogue apps can get up to such mischief as surreptitiously dialing out to expensive toll services, potentially racking up big charges on unsuspecting customers' phone bills. The same exploits can also be used to hang up outgoing calls and to send Unstructu...